CN109299944A - Data ciphering method, system and terminal in a kind of process of exchange - Google Patents
Data ciphering method, system and terminal in a kind of process of exchange Download PDFInfo
- Publication number
- CN109299944A CN109299944A CN201811308825.4A CN201811308825A CN109299944A CN 109299944 A CN109299944 A CN 109299944A CN 201811308825 A CN201811308825 A CN 201811308825A CN 109299944 A CN109299944 A CN 109299944A
- Authority
- CN
- China
- Prior art keywords
- data
- account data
- white list
- account
- exchange
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
Abstract
The present invention provides data ciphering method, system and the terminals in a kind of process of exchange, and wherein method includes: to initialize to white list and encryption parameter, and the white list is that account data processing mode configures list;After initializing successfully, the account data plaintext in transactional cards is obtained;The account data is parsed in plain text, the white list and the encryption parameter is based on, chooses corresponding target cipher mode and target encryption parameter;According to the target cipher mode and the target encryption parameter, desensitization process is carried out to the account data in plain text, obtains account data ciphertext;The account data ciphertext and related data information are sent to backstage transaction processing system, to complete to trade.The present invention can effectively reduce the account data range present in trade link in plain text, it is possible to reduce the workload of each link measure with high safety in chain road realizes the encryption that account data is carried out in terminal.
Description
Technical field
The invention belongs to the data ciphering methods in technical field of data security more particularly to a kind of process of exchange, system
And terminal.
Background technique
POS terminal (point of sale) is a kind of multi-functional terminal end, it be mounted on credit card franchised business and by
It is unified into network with computer in reason site, can be achieved with electronic funds automatic account transfer, it, which has, supports consumption, pre-authorization, remaining sum
The functions such as inquiry and account transfer.
Under the epoch spring tide of the revolutionary innovation of current payment, network trading industry that current Third-party payment mechanism is engaged in
Business, has the advantages that convenient and efficient, but under client's number explosive growth, huge financial risks hidden danger is will be present in this, friendship
Easy data are easy to lead to leakage of data, there are incipient fault for data security by hacker attack by network transmission.
Summary of the invention
In view of this, the embodiment of the invention provides data ciphering method, system and terminal in a kind of process of exchange, with
It solves the problems, such as in the prior art to easily cause leakage of data and there are incipient fault for data security.
The first aspect of the embodiment of the present invention provides the data ciphering method in a kind of process of exchange, comprising:
White list and encryption parameter are initialized, the white list is that account data processing mode configures list;
After initializing successfully, the account data plaintext in transactional cards is obtained;
The account data is parsed in plain text, the white list and the encryption parameter is based on, chooses corresponding mesh
Mark cipher mode and target encryption parameter;
According to the target cipher mode and the target encryption parameter, the account data is carried out at desensitization in plain text
Reason, obtains account data ciphertext;
The account data ciphertext and related data information are sent to backstage transaction processing system, to complete to trade.
The second aspect of the embodiment of the present invention provides the data encryption system in a kind of process of exchange, comprising:
Initialization module, for initializing to white list and encryption parameter, the white list is account data processing
Mode configures list;
Account data obtains module, for after initializing successfully, obtaining the account data in transactional cards in plain text;
Account data parsing module, for being parsed in plain text to the account data, based on the white list and described
Encryption parameter chooses corresponding target cipher mode and target encryption parameter;
Account data encrypting module is used for according to the target cipher mode and the target encryption parameter, to the account
User data carries out desensitization process in plain text, obtains account data ciphertext;
Application interface module, for the account data ciphertext and related data information to be sent to backstage trading processing system
System, to complete to trade.
The third aspect of the embodiment of the present invention provides a kind of terminal, including memory, processor and is stored in described
In memory and the computer program that can run on the processor, the processor are realized when executing the computer program
The step of data ciphering method in process of exchange as described above.
The fourth aspect of the embodiment of the present invention provides a kind of computer readable storage medium, the computer-readable storage
Media storage has computer program, and the computer program realizes the data in process of exchange as described above when being executed by processor
The step of encryption method.
Existing beneficial effect is the embodiment of the present invention compared with prior art:, will by providing independent ciphering process
The desensitization process of account data plaintext is separated with transaction/service application, reduces the development amount of application, facilitates adaptation
More business application;The desensitization process of account data plaintext has all concentrated on ciphering process, and service application can only touch ciphertext
Or obscure processed data, angle is authenticated from safety of payment, safety certification scope of assessment is reduced, reduces business and answer
With the safety certification workload and cost of/operation system developer;In addition, white list is supported to configure a variety of cipher modes, adaptation
Multiple business scene.
Detailed description of the invention
It to describe the technical solutions in the embodiments of the present invention more clearly, below will be to embodiment or description of the prior art
Needed in attached drawing be briefly described, it should be apparent that, the accompanying drawings in the following description is only of the invention some
Embodiment for those of ordinary skill in the art without any creative labor, can also be according to these
Attached drawing obtains other attached drawings.
Fig. 1 is the flow diagram of the data ciphering method in the process of exchange that one embodiment of the present of invention provides;
Fig. 2 be another embodiment of the present invention provides process of exchange in data ciphering method flow diagram;
Fig. 3 is the structural schematic diagram of the data encryption system in the process of exchange that one embodiment of the present of invention provides;
Fig. 4 is the structural schematic diagram for the terminal that one embodiment of the present of invention provides.
Specific embodiment
In being described below, for illustration and not for limitation, the tool of such as particular system structure, technology etc is proposed
Body details, to understand thoroughly the embodiment of the present invention.However, it will be clear to one skilled in the art that there is no these specific
The present invention also may be implemented in the other embodiments of details.In other situations, it omits to well-known system, device, electricity
The detailed description of road and method, in case unnecessary details interferes description of the invention.
Description and claims of this specification and term " includes " and other any deformations in above-mentioned attached drawing are
Refer to " including but not limited to ", it is intended that cover and non-exclusive include.Such as the process, method comprising a series of steps or units
Or system, product or equipment are not limited to listed step or unit, but optionally further comprising the step of not listing
Or unit, or optionally further comprising other step or units intrinsic for these process, methods, product or equipment.
In order to illustrate technical solutions according to the invention, the following is a description of specific embodiments.
Embodiment 1:
Fig. 1 shows the realization stream of the data ciphering method in a kind of process of exchange of one embodiment of the present of invention offer
The process executing subject of journey, the present embodiment can be terminal, such as POS terminal.
As shown in Figure 1, the data ciphering method in a kind of process of exchange provided by the embodiment of the present invention, comprising:
Step S101, initializes white list and encryption parameter, and the white list is that account data processing mode is matched
Set list.
In the present embodiment, after establishing white list, and before handling the account data in transactional cards,
Complete the process initialized to white list (that is, account data processing mode configures list) and encryption parameter.When initial
After being melted into function, step S102 could be executed, to obtain account data in plain text.If the initialization of white list or encryption parameter just
Beginningization failure, then do not execute subsequent step, cannot get any account data.
Step S102 obtains the account data plaintext in transactional cards after initializing successfully.
In the present embodiment, terminal can read transactional cards by card reader or user's input is bright to obtain account data
Text.
Transactional cards can be bank card, magnetic stripe card, chip card etc..
Account data may include in plain text primary account number, card store data inside and track data etc..
Primary account number is the card number of transactional cards, for example, the number that bank card front is shown, usually there is 13-19.
Card store data inside, such as chip card, the data about the account are stored inside chip.
Track data is the data for including in the magnetic stripe of transactional cards, for example, a magnetic stripe card has three groups of track datas, usually
Only 1-2 group track data is effective.
In transaction, after brush magnetic stripe card or insertion chip card, the data that the card reader of terminal is read out are track datas
Perhaps card store data inside goes out track data or card store data inside according to magnetic stripe card rule or chip card rule parsing
Carry out primary account number.
Step S103 parses the account data in plain text, is based on the white list and the encryption parameter, chooses
Corresponding target cipher mode and target encryption parameter.
In one embodiment, terminal is parsed to obtain the corresponding primary account number of transactional cards in plain text to account data, is compareed
Configuration data in white list searches the number section where the primary account number and chooses the corresponding target cipher mode of the number section, from encryption
Target encryption parameter needed for selecting the target cipher mode in parameter.
Wherein, whether the configuration data in white list includes cipher mode corresponding to different number section ranges and adds
The information such as close.
There are many kinds, such as TDES (Triple DES, triple DES), RSA (RSA for cipher mode
Algorithm, rivest, shamir, adelman), AES (Advanced Encryption Standard, Advanced Encryption Standard) etc..
Step S104, according to the target cipher mode and the target encryption parameter, to the account data in plain text into
Row desensitization process obtains account data ciphertext.
In the present embodiment, desensitization process refers to that certain sensitive informations to data carry out the change of data by desensitization rule
Shape realizes the reliably protecting of privacy-sensitive data.
The account data ciphertext and related data information are sent to backstage transaction processing system, with complete by step S105
At transaction.
Wherein, related data information may include white list, key parameter, Encryption Algorithm parameter, account aliasing strategy, industry
Data list, the verification information of account data, digital signature needed for being engaged in etc..
In the embodiment of the present invention, received since account data is present in from input POS terminal to backstage transaction processing system
In the entire process of exchange of processing, each link therein require to implement physics, technology, management etc. security control with
Measure, to protect the safety i.e. confidentiality, integrity, and availability of cardholder account data.This programme is by the way of white list
Account data is encrypted in plain text, the account data range present in trade link in plain text can be effectively reduced, can subtract
The workload of each link measure with high safety in few chain road realizes the encryption and processing that account data is carried out in terminal, really
It protects terminal and only externally discharges non-sensitive or encrypted account data, the data of encryption are only transferred to backstage trading processing
After system, can just it be decrypted.
In one embodiment, before step S101, the data ciphering method further include: establish the white list.
It implements process can be with are as follows: user obtains white list text according to the configuration data in preset format editor's white list
Part, terminal receives and manages the locally downloading whitelist file of the user, to establish the white list.
Wherein, preset format is that the account data processing mode configures the corresponding pre-determined file format of list.
In one embodiment of the invention, white list is initialized in step S101, comprising:
A. the digital signature of the white list is verified.
B. after the digital signature authentication passes through, check whether the content of the white list is effective, if effectively, sentencing
The initialization success of the fixed white list.
In one embodiment, whitelist file is what user edited, and the digital signature of white list is generated after the completion of editor,
Terminal obtains the white list of subsidiary digital signature, and verifies in step a to digital signature, with ensure white list from
Legitimate user, and the content of white list realizes the integrality and authenticity for guaranteeing white list not by illegal tampered.
In one embodiment, whether the content of the inspection white list in step b is effective, comprising:
1) the effective the cipher mode whether cipher mode configured in white list is supported by present terminal is checked.Its
In, cipher mode includes Encryption Algorithm and encryption mode.
2) check whether the corresponding number section of primary account number specifies the effective cipher mode.
3) whether the number section range for checking that white list is configured covers all primary account numbers.
4) check whether each primary account number has uniquely corresponded to a kind of effective cipher mode.
If the inspection result in this 4 steps is to be, determine that the content of white list is effective, white list is initialized to
Function.If wherein have the inspection result of any one step be it is no, determine the content invalid of white list, and white list is initial
Change failure, terminal can not continue to execute step S102.
Wherein, number section refers to a range of primary account number.Such as " 6226000000000000-6226999999999999 "
It can be a number section.The cipher mode of each number section is not associated with the cipher mode of other number sections, it may be possible to identical
It may also be different, for example the specified cipher mode of number section " 6226000000000000-6226999999999999 " is
TDES, and the specified cipher mode of another number section " 6225000000000000-6225000000099999 " is AES;White name
Dan Huixian configures available cipher mode, such as configured available cipher mode includes TDES and AES, then in the white list
The configurable cipher mode of each number section can only be TDES and AES one.
It needs to parse the account data in plain text in step s 103, parsing includes parsing from account data plaintext
Primary account number out, and search corresponding number section and correct cipher mode from white list according to primary account number, i.e. target encryption side
Formula.
In one embodiment of the invention, encryption parameter is initialized in step S101, comprising:
Encryption parameter is arranged to the effective cipher mode of each configured in the white list, and to data encryption
The initialization of environment.
In the present embodiment, encryption parameter includes public key data, cipher key index, key/data format etc..Data encryption environment
System environments, software environment etc. including data encryption process operation.After completing to the initialization of encryption parameter, Cai Nengshi
Now correct data encryption.
In one embodiment of the invention, step S104 include: the account data is carried out in plain text data encryption or
The processing of person's data obfuscation, obtains account data ciphertext.
Wherein, data obfuscation processing is carried out in plain text to the account data, comprising: to sensitive in the account data plaintext
Information is truncated, is hidden or mask processing, and non-sensitive part is removed.
Wherein, truncation, which can be, deletes the content of particular piece of data in data.Hiding can be certain number in data
Covering is hidden according to the content of section.Mask processing, which can be, replaces special value with special symbol, for example, by primary account number
First 6 and it is 4 latter between number with No. * replace.
The present embodiment realizes the function of data obfuscation, is hidden to the sensitive information in account data plaintext, thus
Sensitive information is protected not to be leaked.
As shown in Fig. 2, it is optional, in one embodiment of the invention, the data ciphering method in the process of exchange,
Further include:
Step S201 generates the account data plaintext or the corresponding verification information of the account data ciphertext.
The verification information is sent to the backstage transaction processing system by step S202.
Step S203 is verified and is sentenced to account data using the verification information in the backstage transaction processing system
Determine account data source it is credible after, receive the data trusted feedback that the backstage transaction processing system is sent.
In one embodiment, step S201 includes:
MAC (Message Authentication is done to the account data plaintext or the account data ciphertext
Codes, Message Authentication Code) operation is verified code, using the identifying code as the verification information.
Alternatively, doing signature operation to the account data plaintext or the account data ciphertext, signing messages is obtained, by institute
Signing messages is stated as the verification information.
So, step S202 includes: that the identifying code or the signing messages are sent to the backstage trading processing
System.
Step S203 includes: that backstage transaction processing system uses the identifying code or the signing messages to account data
It is verified, whether the source to judge account data is credible, and after backstage transaction processing system determines that source is credible, terminal is connect
Receive the data trusted feedback of backstage transaction processing system transmission.
The present embodiment be it is optional, according to the demand of backstage transaction system, come determine the need for using verification information into
Row verifying, may be implemented to improve safety to the verifying of account data source identity.
It should be understood that the size of the serial number of each step is not meant that the order of the execution order in above-described embodiment, each process
Execution sequence should be determined by its function and internal logic, the implementation process without coping with the embodiment of the present invention constitutes any limit
It is fixed.
Embodiment 2:
As shown in figure 3, the data encryption system 100 in the process of exchange that one embodiment of the present of invention provides, for holding
Method and step in embodiment corresponding to row Fig. 1 comprising:
Initialization module 110, for initializing to white list and encryption parameter, the white list is at account data
Reason mode configures list.
Account data obtains module 120, for after initializing successfully, obtaining the account data in transactional cards in plain text.
Account data parsing module 130 is based on the white list and institute for parsing in plain text to the account data
Encryption parameter is stated, corresponding target cipher mode and target encryption parameter are chosen.
Account data encrypting module 140 is used for according to the target cipher mode and the target encryption parameter, to described
Account data carries out desensitization process in plain text, obtains account data ciphertext.
Application interface module 150, for the account data ciphertext and related data information to be sent at the transaction of backstage
Reason system, to complete to trade.
In one embodiment of the invention, initialization module 110 includes white list administrative unit, is used for:
The digital signature of the white list is verified.
After the digital signature authentication passes through, check whether the content of the white list is effective, if effectively, determining
The initialization success of the white list.
In one embodiment of the invention, initialization module 110 further includes encryption handling unit, is used for:
Encryption parameter is arranged to the effective cipher mode of each configured in the white list, and to data encryption
The initialization of environment.
In one embodiment of the invention, account data encrypting module 140 includes desensitization unit, for the account
Data clear text carries out data encryption or data obfuscation processing, obtains account data ciphertext.
In one embodiment of the invention, desensitization unit is also used to carry out sensitive information in the account data plaintext
Truncation, the processing of hiding or mask, to remove non-sensitive part.
In one embodiment of the invention, the data encryption system 100 in process of exchange further includes account data source body
Part authentication module, is used for:
Generate account data plaintext or the corresponding verification information of the account data ciphertext.
The verification information is sent to the backstage transaction processing system.
Account data is verified using the verification information in the backstage transaction processing system and determines account number
According to source it is credible after, receive the data trusted feedback that the backstage transaction processing system is sent.
In one embodiment, the data encryption system 100 in process of exchange further includes other function module/unit, is used
In the method and step for realizing each embodiment in embodiment 1.
It is apparent to those skilled in the art that for convenience and simplicity of description, only with above-mentioned each function
The division progress of module can according to need and for example, in practical application by above-mentioned function distribution by different function moulds
Block is completed, i.e., the internal structure of the data encryption system 100 in process of exchange is divided into different functional modules, more than completing
The all or part of function of description.Each functional module in embodiment can integrate in one processing unit, be also possible to
Each unit physically exists alone, and can also be integrated in one unit with two or more units, above-mentioned integrated module
Both it can take the form of hardware realization, can also realize in the form of software functional units.In addition, the tool of each functional module
Body title is also only for convenience of distinguishing each other, the protection scope being not intended to limit this application.Number in above-mentioned process of exchange
, can be with the corresponding process in reference implementation example 1 according to the specific work process of module in encryption system 100, details are not described herein.
Embodiment 3:
Fig. 4 is the schematic diagram for the terminal that one embodiment of the invention provides.As shown in figure 4, the terminal 4 of the embodiment includes:
Processor 40, memory 41 and it is stored in the computer program that can be run in the memory 41 and on the processor 40
42.The processor 40 realizes the step in each embodiment as described in example 1 above, example when executing the computer program 42
Step S101 to S105 as shown in Figure 1.Alternatively, the processor 40 realizes such as embodiment when executing the computer program 42
The function of each module/unit in each system embodiment described in 2, such as the function of module 110 to 150 shown in Fig. 3.
The terminal 4 refers to the terminal with data-handling capacity, including but not limited to POS terminal, computer, work
It stands, smart phone, palm PC, the tablet computer, personal digital assistant (PDA), smart television more even haveing excellent performance
(Smart TV) etc..Operating system is generally fitted in terminal, including but not limited to: Windows operating system, LINUX behaviour
Make system, Android (Android) operating system, Symbian operating system, Windows mobile operating system and iOS behaviour
Make system etc..The specific example of terminal 4 is enumerated in detail above, it will be appreciated by those of skill in the art that terminal and unlimited
Example is enumerated in above-mentioned.
The terminal may include, but be not limited only to, processor 40, memory 41.It will be understood by those skilled in the art that figure
4 be only the example of terminal 4, and the not restriction of structure paired terminal 4 may include components more more or fewer than diagram, or
Combine certain components or different components, for example, the terminal 4 can also include input-output equipment, network access equipment,
Bus etc..
Alleged processor 40 can be central processing unit (Central Processing Unit, CPU), can also be
Other general processors, digital signal processor (Digital Signal Processor, DSP), specific integrated circuit
(Application Specific Integrated Circuit, ASIC), ready-made programmable gate array (Field-
Programmable Gate Array, FPGA) either other programmable logic device, discrete gate or transistor logic,
Discrete hardware components etc..General processor can be microprocessor or the processor is also possible to any conventional processor
Deng.
The memory 41 can be the internal storage unit of the terminal 4, such as the hard disk or memory of terminal 4.It is described
Memory 41 is also possible to the External memory equipment of the terminal 4, such as the plug-in type hard disk being equipped in the terminal 4, intelligence
Storage card (Smart Media Card, SMC), secure digital (Secure Digital, SD) card, flash card (Flash Card)
Deng.Further, the memory 41 can also both include the internal storage unit of the terminal 4 or set including external storage
It is standby.The memory 41 is for other programs and data needed for storing the computer program and the terminal 4.It is described to deposit
Reservoir 41 can be also used for temporarily storing the data that has exported or will export.
Embodiment 4:
The embodiment of the invention also provides a kind of computer readable storage medium, computer-readable recording medium storage has meter
Calculation machine program is realized the step in each embodiment as described in example 1 above, such as is schemed when computer program is executed by processor
Step S101 shown in 1 to step S105.Alternatively, realizing when the computer program is executed by processor such as institute in embodiment 2
The function of each module/unit in each system embodiment stated, such as the function of module 110 to 150 shown in Fig. 3.
The computer program can be stored in a computer readable storage medium, and the computer program is by processor
When execution, it can be achieved that the step of above-mentioned each embodiment of the method.Wherein, the computer program includes computer program code,
The computer program code can be source code form, object identification code form, executable file or certain intermediate forms etc..Institute
State computer-readable medium may include: can carry the computer program code any entity or device, recording medium,
USB flash disk, mobile hard disk, magnetic disk, CD, computer storage, read-only memory (ROM, Read-Only Memory), arbitrary access
Memory (RAM, Random Access Memory), electric carrier signal, telecommunication signal and software distribution medium etc..
In the above-described embodiments, it all emphasizes particularly on different fields to the description of each embodiment, embodiment 1 to 4 can in any combination, group
The new embodiment formed after conjunction is also within the scope of protection of this application.There is no the portion for being described in detail or recording in some embodiment
Point, it may refer to the associated description of other embodiments.
Those of ordinary skill in the art may be aware that list described in conjunction with the examples disclosed in the embodiments of the present disclosure
Member and algorithm steps can be realized with the combination of electronic hardware or computer software and electronic hardware.These functions are actually
It is implemented in hardware or software, the specific application and design constraint depending on technical solution.Professional technician
Each specific application can be used different methods to achieve the described function, but this realization is it is not considered that exceed
The scope of the present invention.
In embodiment provided by the present invention, it should be understood that disclosed terminal and method can pass through others
Mode is realized.For example, system/terminal embodiment described above is only schematical, for example, the module or unit
It divides, only a kind of logical function partition, there may be another division manner in actual implementation, such as multiple units or components
It can be combined or can be integrated into another system, or some features can be ignored or not executed.Another point, it is shown or
The mutual coupling or direct-coupling or communication connection discussed can be through some interfaces, the indirect coupling of device or unit
Conjunction or communication connection can be electrical property, mechanical or other forms.
Embodiment described above is merely illustrative of the technical solution of the present invention, rather than its limitations;Although referring to aforementioned reality
Applying example, invention is explained in detail, those skilled in the art should understand that: it still can be to aforementioned each
Technical solution documented by embodiment is modified or equivalent replacement of some of the technical features;And these are modified
Or replacement, the spirit and scope for technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution should all
It is included within protection scope of the present invention.
Claims (10)
1. the data ciphering method in a kind of process of exchange characterized by comprising
White list and encryption parameter are initialized, the white list is that account data processing mode configures list;
After initializing successfully, the account data plaintext in transactional cards is obtained;
The account data is parsed in plain text, the white list and the encryption parameter is based on, chooses corresponding target and add
Close mode and target encryption parameter;
According to the target cipher mode and the target encryption parameter, desensitization process is carried out to the account data in plain text, is obtained
To account data ciphertext;
The account data ciphertext and related data information are sent to backstage transaction processing system, to complete to trade.
2. the data ciphering method in process of exchange as described in claim 1, which is characterized in that described to be carried out just to white list
Beginningization, comprising:
The digital signature of the white list is verified;
After the digital signature authentication passes through, check whether the content of the white list is effective, if effectively, described in judgement
The initialization success of white list.
3. the data ciphering method in process of exchange as described in claim 1, which is characterized in that described to be carried out to encryption parameter
Initialization, comprising:
Encryption parameter is arranged to the effective cipher mode of each configured in the white list, and to data encryption ring border
Initialization.
4. the data ciphering method in process of exchange as described in claim 1, which is characterized in that described to the account data
Desensitization process is carried out in plain text, obtains account data ciphertext, comprising:
It carries out data encryption or data obfuscation processing in plain text to the account data, obtains account data ciphertext.
5. the data ciphering method in process of exchange as claimed in claim 4, which is characterized in that described to the account data
Data obfuscation processing is carried out in plain text, comprising:
Sensitive information in the account data plaintext is truncated, hide or mask processing, to remove non-sensitive part.
6. such as the data ciphering method in process of exchange described in any one of claim 1 to 5, which is characterized in that further include:
Generate the account data plaintext or the corresponding verification information of the account data ciphertext;
The verification information is sent to the backstage transaction processing system;
Account data is verified using the verification information in the backstage transaction processing system and determines account data
After source is credible, the data trusted feedback that the backstage transaction processing system is sent is received.
7. the data encryption system in a kind of process of exchange characterized by comprising
Initialization module, for initializing to white list and encryption parameter, the white list is account data processing mode
Configure list;
Account data obtains module, for after initializing successfully, obtaining the account data in transactional cards in plain text;
Account data parsing module is based on the white list and the encryption for parsing in plain text to the account data
Parameter chooses corresponding target cipher mode and target encryption parameter;
Account data encrypting module is used for according to the target cipher mode and the target encryption parameter, to the account number
Desensitization process is carried out according to plaintext, obtains account data ciphertext;
Application interface module, for the account data ciphertext and related data information to be sent to backstage transaction processing system,
To complete transaction.
8. the data encryption system in process of exchange as claimed in claim 7, which is characterized in that further include account data source body
Part authentication module, is used for:
Generate the account data plaintext or the corresponding verification information of the account data ciphertext;
The verification information is sent to the backstage transaction processing system;
Account data is verified using the verification information in the backstage transaction processing system and determines account data
After source is credible, the data trusted feedback that the backstage transaction processing system is sent is received.
9. a kind of terminal, which is characterized in that in the memory and can be at the place including memory, processor and storage
The computer program run on reason device, the processor are realized when executing the computer program such as any one of claim 1 to 6
The step of data ciphering method in the process of exchange.
10. a kind of computer readable storage medium, which is characterized in that the computer-readable recording medium storage has computer journey
Sequence realizes that the data as described in any one of claim 1 to 6 in process of exchange add when the computer program is executed by processor
The step of decryption method.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811308825.4A CN109299944B (en) | 2018-11-05 | 2018-11-05 | Data encryption method, system and terminal in transaction process |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811308825.4A CN109299944B (en) | 2018-11-05 | 2018-11-05 | Data encryption method, system and terminal in transaction process |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109299944A true CN109299944A (en) | 2019-02-01 |
| CN109299944B CN109299944B (en) | 2020-12-18 |
Family
ID=65146749
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811308825.4A Active CN109299944B (en) | 2018-11-05 | 2018-11-05 | Data encryption method, system and terminal in transaction process |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109299944B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110211005A (en) * | 2019-05-25 | 2019-09-06 | 山东可里巴巴知识产权运营有限公司 | It is a kind of that name mode is selected based on the online trade mark smoothly traded |
| CN111104649A (en) * | 2019-12-31 | 2020-05-05 | 阿尔法云计算(深圳)有限公司 | Data processing method, server and storage medium |
| CN111818036A (en) * | 2020-06-30 | 2020-10-23 | 平安科技(深圳)有限公司 | Sensitive information protection method and device, computing equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101853453A (en) * | 2009-04-03 | 2010-10-06 | 中兴通讯股份有限公司 | System and method for realizing mobile payment |
| CN101927625A (en) * | 2009-06-17 | 2010-12-29 | 精工爱普生株式会社 | The control method of printing processing apparatus, the control method of receipt printing apparatus, printing processing apparatus, receipt issue system and program |
| CN102339499A (en) * | 2011-09-30 | 2012-02-01 | 重庆南天数据资讯服务有限公司 | System for realizing POS (point of sale) card swiping payment device based on mobile communication terminal |
| CN104881777A (en) * | 2015-05-04 | 2015-09-02 | 深圳市新一代信息技术研究院有限公司 | Payment method based on mobile terminal |
-
2018
- 2018-11-05 CN CN201811308825.4A patent/CN109299944B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101853453A (en) * | 2009-04-03 | 2010-10-06 | 中兴通讯股份有限公司 | System and method for realizing mobile payment |
| CN101927625A (en) * | 2009-06-17 | 2010-12-29 | 精工爱普生株式会社 | The control method of printing processing apparatus, the control method of receipt printing apparatus, printing processing apparatus, receipt issue system and program |
| CN102339499A (en) * | 2011-09-30 | 2012-02-01 | 重庆南天数据资讯服务有限公司 | System for realizing POS (point of sale) card swiping payment device based on mobile communication terminal |
| CN104881777A (en) * | 2015-05-04 | 2015-09-02 | 深圳市新一代信息技术研究院有限公司 | Payment method based on mobile terminal |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110211005A (en) * | 2019-05-25 | 2019-09-06 | 山东可里巴巴知识产权运营有限公司 | It is a kind of that name mode is selected based on the online trade mark smoothly traded |
| CN111104649A (en) * | 2019-12-31 | 2020-05-05 | 阿尔法云计算(深圳)有限公司 | Data processing method, server and storage medium |
| CN111818036A (en) * | 2020-06-30 | 2020-10-23 | 平安科技(深圳)有限公司 | Sensitive information protection method and device, computing equipment and storage medium |
| CN111818036B (en) * | 2020-06-30 | 2021-06-04 | 平安科技(深圳)有限公司 | Sensitive information protection method and device, computing equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109299944B (en) | 2020-12-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6385723B1 (en) | Key transformation unit for an IC card | |
| US7699233B2 (en) | Method for issuer and chip specific diversification | |
| US7669055B2 (en) | Key transformation unit for a tamper resistant module | |
| JP3782059B2 (en) | Security module with volatile memory for storing algorithm code | |
| US7917760B2 (en) | Tamper resistant module having separate control of issuance and content delivery | |
| CN106603496B (en) | A kind of guard method, smart card, server and the communication system of data transmission | |
| EP3780484B1 (en) | Cryptographic operation and working key creation method and cryptographic service platform and device | |
| CN102696047A (en) | Encryption switch processing | |
| CN101506815A (en) | Bi-processor architecture for secure systems | |
| ES2877522T3 (en) | Method and system to improve the security of a transaction | |
| CN109299944A (en) | Data ciphering method, system and terminal in a kind of process of exchange | |
| CN104166914A (en) | Secure system and method based on secure element and applied to host card emulation technology | |
| CN109146468A (en) | A kind of backup and restoration methods of the logical card of number | |
| CN103236011A (en) | Electronic currency transaction monitoring method | |
| CN103138925A (en) | Card issuing operation method, integrated circuit (IC) card and card issuing device | |
| CN116823257A (en) | Information processing method, device, equipment and storage medium | |
| Jensen et al. | A secure credit card protocol over NFC | |
| WO2013138867A1 (en) | Secure nfc apparatus and method | |
| CN101217366B (en) | A digital signature device with write protection | |
| CA2940465C (en) | Device and method for securing commands exchanged between a terminal and an integrated circuit | |
| Rezaeighaleh | Improving security of crypto wallets in blockchain technologies | |
| EP1715613A1 (en) | Method and system for securing point to point connections | |
| CN105989489B (en) | A kind of method and payment terminal of IC card networking certification | |
| KR101547937B1 (en) | A portable terminal, a method for processing card information using it and a card reader | |
| Fritsche et al. | Recommendations for implementing a Bitcoin wallet using smart card |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |